From nobody Tue Oct 01 01:55:12 2024
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XHgxY5Cbxz5Y17Y
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Tue, 01 Oct 2024 01:55:13 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XHgxY4jX6z43pM;
	Tue,  1 Oct 2024 01:55:13 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1727747713;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=qH9JIKVCDx9UQngljCdlIabRSoL+CYyMkv2Kdv6zkGY=;
	b=YsNHx0iRkRXGSBAwxZxWDByqoSPvxjv5V5x8Cr2yKLXaZhnVrzDAdRsTIQ2+wkkWtRgT7o
	K4tp3xEJFhEGMGt9v48IkU/XuS5b59oxkudxdyZL5MM3Svl8iadhcpRsRqBfKbUwVRbMNz
	6qBQDbUt30ELR0ZfM8/bBFZqEGqMl5oJ+jF7KHjUm2I8eRXmHbejlDCuOKtlNpl7Vx9qGT
	92JQMwmqv4dFqYS5f8oflWB/k8C/5rykizypO6fXcT/GV4SdPBr4xJbkDsGltjXtz5uTOi
	jnN+Na4JZ6gcF2wXVv1Bz6L4vtX7jTwDuFsBT7x984++XNv1LToBO0U6oAF8rg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1727747713;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=qH9JIKVCDx9UQngljCdlIabRSoL+CYyMkv2Kdv6zkGY=;
	b=QeIIUkz3co4bKJmIGFAEL87Tak3uLK6c93vwU/i+SCOg4bH+/UM11AHoYdE5H2nmQKQIuG
	Lxdx3dCPxL8c4Bp8l7fewmWi9nUcWbbrIJes/W9HDZ/eI/S99A8/I9rXyc0QXwjHCXBT4R
	0fEhm2w5ZnHn7ujFZzEY5hApFr7rf3ljiHy3XaDAlwZyvOKPKcCSeNMCEcxE/EzrsvQL87
	LgB/pPYqkizPvWEAg3/c/Qmr8m400ZeXlnuSQYyV1PBP66+sGiv6+E8jerbkFgfqcS66cO
	ORY6NNZFZhHb/ysCSg5UmnGEkLqq/2SW/cexxNoo33MFRco3Ysd+G2cH7FE+6Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1727747713; a=rsa-sha256; cv=none;
	b=HYQ5EmyOtUBGD073NuBDVjhiF74XzWwdjpxNFpnpKFDR1kDbqy8usQE3StvSLypKXGyaUM
	He5j6u8Uwz9H2s98YtV+ZJGH9Slnf831KVJf8W0XS/nOyPx86mtM8aEkg8oM2RBbFCucxv
	qbQRd9VRArdL9AEJNolI8rz9EdkklgLN9M3Or/jOiBux96OjSlhxLCH71qtFCVwjezxItY
	5hfcHGZdOO/FI8U0fOgkXz+ed3n2u/b1yBVP5P/bIe8A3fckZHzDCo7XbIxJ8+sr4GI3E1
	iXQq3sgeKzK+cWFTNgs3Frczzd5bfn4sJ9GfUc0ldik22+q+Vd+TDQvKvlTRKg==
Received: from [10.9.4.95] (unknown [209.182.120.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: kevans/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4XHgxY2RHtzbH1;
	Tue,  1 Oct 2024 01:55:13 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Message-ID: <21c4125f-0ac0-46f4-9f5c-9f14a3e7e397@FreeBSD.org>
Date: Mon, 30 Sep 2024 20:55:12 -0500
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: weekly locate error Was: September 2024 stabilization week
To: Jamie Landeg-Jones <jamie@catflap.org>, freebsd-current@FreeBSD.org
References: <ZvEgC9ak7paxygYw@cell.glebi.us> <ZvRze1gldJTCvjir@cell.glebi.us>
 <Zvh-8cMF_HtOJ3uu@int21h> <Zvrp25zS9thDe3ak@cell.glebi.us>
 <3313f951-4f9e-4298-bbd8-f82c5a15a0e3@protected-networks.net>
 <ZvsTQu_LQFHs1lnN@cell.glebi.us> <ZvsX9qOI_bSAL7Mj@int21h>
 <f01f6af0-d9f2-482c-b2b0-1d86937c86fa@FreeBSD.org>
 <202410010036.4910aIoW095390@donotpassgo.dyslexicfish.net>
Content-Language: en-US
From: Kyle Evans <kevans@FreeBSD.org>
In-Reply-To: <202410010036.4910aIoW095390@donotpassgo.dyslexicfish.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 9/30/24 19:36, Jamie Landeg-Jones wrote:
> Kyle Evans <kevans@FreeBSD.org> wrote:
> 
>> It might be that the better long-term approach is to teach updatedb.sh
>> how to drop privileges and push that out of the periodic script to avoid
>> surprises like this from the different execution environments.  This
>> /feels/ like the kind of thing we could take an opinionated stance on,
>> maybe providing an escape hatch of some sort if someone really wants to
>> complain that they can't document all filenames on the system.
> 
> This is how it already works. It calls locate.updatedb as "nobody", so
> only files readable by "nobody" are indexed:
> 
>      echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3

Yes, my proposal is that it stops doing that and we teach updatedb to 
handle the priv-dropping instead, so that you get the same behavior no 
matter how you execute it.

Thanks,

Kyle Evans